skill-security-scan
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM PROMPT_INJECTION NO_CODE
Full Analysis
- PROMPT_INJECTION (MEDIUM): The skill is vulnerable to Indirect Prompt Injection through the `skill_location` ingestion point.
  1. Ingestion points: The skill reads external data from a location provided at runtime.
  2. Boundary markers: Absent. The instructions do not specify how to distinguish between the auditor's commands and the untrusted content being analyzed.
  3. Capability inventory: The skill performs complex reasoning and report generation; an attacker could redirect this reasoning to hide malicious findings.
  4. Sanitization: Absent. There is no instruction to escape or ignore instructions found within the loaded data.
- NO_CODE (LOW): This skill consists entirely of markdown instructions (a system prompt) and lacks any executable code or scripts. While this eliminates risks like hardcoded malware or unauthorized command execution, the lack of programmatic validation makes the skill entirely dependent on the LLM's ability to resist adversarial instructions in the data it parses.
Audit Metadata